Web Proxy firewall services and service groups
Configure web proxy services by selecting Explicit Proxy when configuring a service. Web proxy services can be selected in a explicit web proxy policy when adding one from the CLI. If you add a policy from the web-based manager the service is set to the webproxy service. The webproxy service should be used in most cases, it matches with any traffic with any port number. However, if you have special requirements, such as using a custom protocol type or a reduced port range or need to add an IP/FQDN to an explicit proxy service you can create custom explicit web proxy services.
Web proxy services are similar to standard firewall services. You can configure web proxy services to define one or more protocols and port numbers that are associated with each web proxy service. Web proxy services can also be grouped into web proxy service groups.
One way in which web proxy services differ from firewall services is the protocol type you can select. The following protocol types are available:
- ALL
- CONNECT
- FTP
- HTTP
- SOCKS-TCP
- SOCKS-UDP
To add a web proxy service go to Policy & Objects > Services and select Create New. Set Service Type to Explicit Proxy and configure the service as required. To add a web proxy service from the CLI enter:
config firewall service custom edit my-socks-service
set explicit-proxy enable set category Web Proxy
set protocol SOCKS-TCP
set tcp-portrange 3450-3490 end
To add a web proxy service group go to Policy & Objects > Services and select Create New > Service Group. Set Type to Explicit Proxy and add web proxy services to the group as required. To add a web proxy service group from the CLI enter:
config firewall service group edit web-group
set explicit-proxy enable
set member webproxy my-socks-service end